Seemingly on a daily basis, cyber safety and data security is in the news. Be it large national retailers, state agencies or insurance companies, it seems no one person, nor their data, is entirely immune. And while it is likely true that the larger the company, the larger the issue, small businesses can be equally impacted. In fact, the risk is probably more severe for the smaller company.
By some estimates, the cost per one compromised record in a data loss situation is $221. That’s for a single incident. Do the math and it’s easy to see how that could quickly add up and severely damage a smaller business. Permanently. In fact, 60 percent of small businesses fail within six months of a major breach.
According to a 2017 study conducted by Ponemon Institute (sponsored by IBM) on Cyber Security, the cost of a data breach has gone down slightly year over year. The bad news. The breaches keep coming.
So how does a small business protect itself?
It is indeed a balancing act. Thanks to technological advances, consumers and businesses can interact via many platforms at all times of the day; you can check your medical records online, get an email reminder when you are due for an oil change or even get a text message when a business is closed due to inclement weather.
At the same time, this flexibility and access has led to new vulnerabilities due to the many ways in which we connect, communicate and share information.
So how does a successful business achieve the proper balance among profitability, consumer access and employee engagement along with the vital need for security and data protection?
I would advocate for a “three-legged stool” approach comprised of:
-
- The proper equipment and technology
- The necessary training and follow-ups
- Securing a true commitment from business leaders to the process
Equipment and technology
If your business has remote (home-based) employees, chances are they enjoy that flexibility. The challenge of a small business owner is to balance those needs with those of their customers. Whether your employees log in via a key fob, special password or some other method, this is no area in which to cut costs. A company like Safetica -which provides technology for data loss protection and encryption programs – is a good investment, particularly for an off-site workforce. While you’re shoring up your office-based equipment, make sure that the devices that your employees use fit the bill as it relates to security. An additional step you can take is to provide company-issued devices specific to their work.
Training and follow-ups
After you’ve invested in the technology and equipment, you need to train to the process. Successful companies view this in two stages- 1) a strong focus on security as part of the orientation/onboarding process and 2) a regular schedule of training refreshers/reminders. The second part is particularly important due to the changing nature of technology.
It is vital that employees both understand how to use the technology and take the necessary safeguards. This may sound simple but witness the real-life examples of data being comprised due to the theft of a lap top from someone’s car, a computer screen visible to work-site visitors or information stolen from an unguarded device at someone’s favorite coffee shop.
Finally, it’s also a good idea to have social media use and security as part of one’s training program as some cyber criminals have used business information shared online to scam unsuspecting employees.
A commitment from leadership
Just as a good sales organization holds that customer service is everyone’s job- leadership included- so too is the commitment to cyber-security. This can’t be emphasized enough. Without a true top-down commitment, i.e. 24-7/365, and the appropriate investment, an organization’s ability to protect its data could be compromised.
No system is 100 percent fool proof but putting these safeguards in place will make it that much harder for your data to be comprised. The harder you make it for the bad guys, the more likely they are to move on to softer targets.
Greg Mason is President and Founder of Merrimack River Technologies, Inc, an IT solution company based in Manchester, NH. The company provides support for a broad range of businesses including: CPAs, Dentists, Manufacturing, and Veterinarians. To learn more, please visit: www.mrivertech.pro
